The National Security Agency on Tuesday warned network administrators about the risks of using poorly scoped wildcard Transport Layer Security certificates. In a cybersecurity information sheet, titled, “Avoid Dangers of Wildcard TLS Certificates and the ALPACA Technique,” the agency outlined the risks of falling victim to a web application exploitation method called Application Layer Protocols […]
The Cybersecurity and Infrastructure Security Agency has released a Trusted Internet Connections 3.0 document addressing how agencies can secure remote working scenarios. The guidance covers employees performing sanctioned business functions outside of physical agency premises and remote user devices not directly connected to network infrastructure that is managed and maintained by agencies. CISA details ways […]
Deputy Attorney General Lisa Monaco on Wednesday led the launch of the Civil Cyber-Fraud Initiative, which will harness the Department of Justice’s expertise in civil fraud enforcement, government procurement and cybersecurity to combat new and emerging cyber threats. The anti-cyber fraud program was born out of a comprehensive review of government contractors’ adherence to cybersecurity […]
The Department of Homeland Security will require organizations across the transportation industry to share cybersecurity information. DHS Secretary Alejandro Mayorkas announced the move at the Billington Cybersecurity Summit in the midst of the agency’s fourth 60-day cyber sprint focused on transportation security. Under the information sharing requirement, Mayorkas said 2,300 maritime entities will have to […]
The Department of Defense is taking preparatory steps to establish its zero trust program office within the fall, an official said. Kelly Fletcher, a senior official carrying out the duties of the DOD chief information officer, said the department is currently retiring aging systems to reduce its attack surface, Federal News Network reported Thursday. “What […]
The leaders of the Senate Homeland Security and Governmental Affairs Committee introduced a piece of legislation on Monday that would clarify cyberattack reporting requirements for government agencies. The bill, which was introduced by committee Chairman Gary Peters and ranking member Rob Portman, would update the Federal Information Security Modernization Act. The bill would require government […]
An inspector general report called out the U.S. Army for inappropriate cyber planning with regards to the newly deployed Capability Set 21 Integrated Tactical Network. The report, which analyzed vulnerabilities associated with capabilities purchased under the Middle Tier Acquisition pathway, said the Army officials responsible for CS21 did not conduct a cyber-adversarial assessment and had […]
The National Security Council is expected to host later in October representatives from 30 countries on a counter ransomware initiative aimed at making critical infrastructure more resilient to attacks, among other related goals. Anne Neuberger, deputy national security adviser for cyber and emerging technologies, said the gathering will focus on multiple intended outcomes around cryptocurrency […]
The U.S. Coast Guard is planning to add more cyber offensive capabilities to defend the United States’ waterways and coastlines, as well as other activities that the service is involved in. The effort comes as the Coast Guard foresees the need to increase its cyber capabilities amid rising threats in the digital domain. Rear Adm. […]
Learning Tree, a licensed training provider for the Department of Defense’s Cybersecurity Maturity Model Certification program, will begin offering its Certified CMMC Professional Training Course on Nov. 1. The course runs for five days and provides comprehensive training to help certify individuals with the knowledge necessary to assess CMMC compliance, Learning Tree said. According to […]
